Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA - PowerPoint PPT Presentation

Loading...

PPT – Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA PowerPoint presentation | free to download - id: 6ebd11-NmJhN



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA

Description:

... (Kenny) 1000-1030: coffee break 1030-1200: Security Architecture Document ... fit-all-missions solution PKI and/or distribution, public/private key ... – PowerPoint PPT presentation

Number of Views:32
Avg rating:3.0/5.0
Slides: 16
Provided by: Howar146
Learn more at: http://cwe.ccsds.org
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Authentication Algorithm Trade Study CCSDS Security WG Fall 2005 Atlanta, GA USA


1
Authentication Algorithm Trade Study CCSDS
Security WG Fall 2005 Atlanta, GA USA
  • Howard Weiss
  • NASA/JPL/SPARTA
  • hsw_at_sparta.com
  • 1-410-872-1515
  • September 2005

2
Agenda
  • 14 September 2005
  • 0900-0915 Welcome, opening remarks, logistics,
    agenda bashing, 0915-0930 Review results of
    Spring 2005 SecWG meeting in Athens Mtg Notes
  • 0930-1000 RASDS Review wrt Security
    Architecture (Kenny)
  • 1000-1030 coffee break
  • 1030-1200 Security Architecture Document
    Discussions (Kenny)
  • 1200-1330 Lunch
  • 1330-1400Review CNES Mission Security Req
    Development using EDIOS (Pechmalbec/Belbus)
  • 1400-1500 Encryption Algorithm Trade Study
    (Weiss)
  • 1500-1530 coffee break
  • 1530-1700 Authentication/Integrity Algorithm
    Trade Study (Weiss)
  • 15 September 2005
  • 0900-1000 Key management discussion (Kenny)
  • 1000-1030 Coffee break
  • 1030-1100 Identity Management, Spacecraft IDs
    (Weiss)
  • 1100-1130 CNES Interconnection Rules
    (Pechmalbec/Belbus)
  • 1130-1300 Lunch
  • 1300-1400 CNES Security Development Process
    (Pechmalbec/Belbus)
  • 1400-1500 Security Policy Document/Common
    Criteria (Weiss)

3
Discussion Topics
  • Standard Authentication/Integrity Algorithm
    adoption by CCSDS
  • Previous proposal submitted (Montreal, Toulouse,
    Athens) to adopt Digital Signature Standard (FIPS
    PUB 186-2).
  • Athens resulted in creating an action item to
    perform an authentication algorithm trade study.

4
Background Discussions
  • As previously discussed, CCSDS does not have
    standards for
  • Encryption
  • Authentication
  • Integrity
  • (or much of anything security-wise)
  • Previous discussions in the (old) P1A (link
    layer) panel to create such link-layer
    standards (Spring 2002 mtg in Darmstadt)
  • Good discussion which didnt lead to anything
    (P1A Security Briefing)
  • Created a draft P1A Security White Book to
    address some strawman proposals

5
Previous Encryption Algorithm Proposal
  • Propose FIPS PUB 186-2 Digital Signature
    Standard (DSS) algorithm standard.
  • Consensus??? Agreement???

6
Trade Study Background
  • Proposal in Montreal was pre-mature
  • Digital signature is one way to provide
    authentication
  • But NOT the only way
  • Two other kinds of Message Authentication Codes
    (MAC) in use
  • Hash-based MACs
  • Encryption-based MACs

7
Digital Signature Background
  • Digital Signature
  • Based on public/private key (asymmetric)
    cryptography
  • Hash/CRC performed over data, check-word
    encrypted using senders private key
  • Receiver re-calculates check-word, verifies
    transmitted check-word by decrypting with
    senders public key.
  • Requires generation of public/private key pairs
  • Requires Certificate Authority signing of
    generated public keys to guarantee their
    authenticity
  • Requires a means to distribute/populate public
    keys for every sender at every receiver.
  • Public Key Infrastructure (PKI)
  • Pre-loaded public keys or public key certificates
    requiring a potentially large on-board cache


8
Hash-based Message Authentication Code Background
  • Based on the concept of a keyed hash
  • Shared secret key
  • Hash calculated over data and the shared secret
    key to create a check-word, for example
  • H 0123456789 Mary had a little lamb
  • where 0123456789 is the shared secret
  • Keyed hash is authenticated by the receiver (who
    possesses the shared secret) by re-calculating
    the check-word and comparing it with the one
    transmitted with the data.

9
Encryption Based Message Authentication Code
Background
  • A hash is calculated over the raw data to create
    a check-word.
  • The check-word is encrypted using a symmetric
    algorithm using a shared secret key.
  • The encrypted check-word is authenticated by the
    receiver by recalculating the check-word, then
    decrypting the transmitted check-word using the
    symmetric algorithm and the shared secret key,
    and then comparing the two check-words.

10
Candidate Algorithms
  • Digital Signature candidates
  • Digital Signature Algorithm (DSA)
  • RSA
  • Elliptic Curve Digital Signature (ECDSA)
  • Hash-based MAC
  • HMAC-SHA1-96
  • HMAC-MD5-96
  • Hashing algorithms
  • SHA (1,256,384,512)
  • MD5
  • UMAC
  • RIPEMD-160
  • TIGER
  • Encryption-based MAC
  • DES-CBC-MAC
  • CMAC
  • CCM

11
Digital Signature Algorithms
Name Type Characteristics Min. Key Size
Digital Signature Standard (DSS) FIPS 186-2 digital signature Digital signature based on SHA1 hash, un-encumbered (no patents, no licenses) 1024 bits
RSA Digital Signature RSA digital signature (FIPS approved) Previously patented digital signature (expired 2000) 1024 bits
Elliptic Curve Digital Signature (ECDSA) Elliptic curve digital signature Digital signature based on elliptic curve key technology which uses smaller keys than other public key technologies but may be encumbered by various Cirticom intellectual property, licenses, and patents. Apparently, ECDSA is not covered by any Certicom patents and there are open source ECC libraries, but Certicom does have over 300 patents on various aspects of ECC including efficient implementations of ECC in hardware and software, key agreements, etc. 160 bits
12
Hash Based MACs
Name Type Characteristics Output Hash Size
Secure Hash Algorithm 1 (SHA1) Hash algorithm FIPS approved other versions (SHA256, SHA384, SHA512) provide longer outputs 160 bits
Message Digest 5 (MD5) Hash algorithm Potential weaknesses can be used as a keyed hash 128 bits
Universal Message Authentication Code (UMAC) Hash Algorithm Designed to be the fastest hash algorithm ever 32, 64, or 96 bits (64 bits recommended)
RACE Integrity Primitives Evaluation Message Digest 160 (RIPEMD-160) Hash Algorithm Developed as part of the ECs Research and Development in Advanced Communications Technologies in Europe (RACE) 160 bits
TIGER Hash Algorithm Designed for efficient operation on 64-bit platforms 192 bits
HMAC-SHA1-96 Hash-based MAC Uses SHA-1 for hash 96 bits truncates SHA1 160 bit output
HMAC-MD5-96 Hash-based MAC Uses MD5 for hash 96 bits truncates MD5 128 bit output
13
Encryption Based MACs
Name Type Characteristics Key Size
DES-CBC-MAC Cryptographic MAC DES-based (FIPS PUB 113 dated 30 May 1985 64-bits
CMAC Cryptographic MAC Encrypted-based MAC using any symmetric key block cipher algorithm 64, 128, 192, 256 (depending on block cipher algorithm used)
CCM Cryptographic MAC Uses cipher-block-chaining (CBC) with counter mode encryption to provide both authentication and confidentiality using a block cipher algorithm with 128-bit key or greater) 128, 192, 256
14
Conclusions and Recommendations
  • Digital signature authentication might not be the
    universal, fit-all-missions solution
  • PKI and/or distribution, public/private key
    generation, key size, CPU intensive
  • Shared secret key technology might be more
    suitable
  • Small(er) key size, less CPU intensive, shared
    secret used many times requiring less caching and
    less lookups
  • Adopt dual standards
  • DSA (FIPS PUB 186)
  • HMAC w/SHA1 (FIPS PUB 198)

15
Discussion
  • Is digital signature the only right answer?
  • Should there be multiple right answers because
    of mission constraints?
  • For example, shared symmetric keys will be
    smaller, and may be easier to deal with than
    public keys.
  • Should CCSDS adopt both a digital signature AND a
    symmetric technology authentication algorithm?
About PowerShow.com